How can a Jenkins controller administer its own users?

Article ID:115003518887
1 minute readKnowledge base


  • Jenkins controller manage its own users


  • CloudBees Jenkins Enterprise (CJE)

  • CloudBees Jenkins Operation Center (CJOC)


An administrator for the JOC would need to configure the controller to allow it to opt-out of the security settings. By doing so, the controller will lose Single-Sign On capabilities with the JOC and have separate credentials to log on to other controllers.

  • Manage Jenkins -> Configure Global Security or https://$JOC_ADDRESS:$JOC_PORT>/configureSecurity/

    • Select the checkbox "Allow client controllers to opt-out" under Client controller security

    Allow client controllers to opt-out
  • Configure the controller https://$JOC_ADDRESS:$JOC_PORT/job/$CONTROLLER_NAME/configure

    • Select the checkbox "Opt-out" under Security Setting Enforcement

  • On the controller, go to Manage Jenkins -> Configure Global Security or https://$JE_ADDRESS:$JE_PORT/configureSecurity/

    • Select the button for "Jenkin’s own user database" under Security Realm

    Configure users
  • It is optional to have "Allow users to sign up" checked. If this is unchecked, the admin for the controller will need to create the users manually.